Lucene search
K

447 matches found

Cvelist
Cvelist
added 2024/06/11 2:32 p.m.46 views

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

6.8CVSS0.01042EPSS
Exploits0References1
CVE
CVE
added 2024/06/11 2:32 p.m.86 views

CVE-2024-23111

CVE-2024-23111 is an XSS vulnerability in FortiOS (7.4.3 and older; 7.2 and 7.0 all versions) and FortiProxy (7.4.2 and older; 7.2 and 7.0 all versions) where the reboot page improperly neutralizes input, allowing a remote attacker with super-admin access to run JavaScript via crafted HTTP GET re...

6.8CVSS6.9AI score0.01042EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2024/06/11 12:0 a.m.5 views

PT-2024-4152 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.4 FortiOS version 7.2 and earlier FortiOS version 7.0 and earlier FortiOS version 6.4 and earlier FortiProxy versions prior to 7.4.3 FortiProxy version 7.2 and earlier FortiProxy version 7.0 and earlier FortiProx...

4.4CVSS6.9AI score0.03469EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/06/11 12:0 a.m.30 views

Fortinet Fortigate xss (FG-IR-23-471)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-471 advisory. - An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS versi...

6.8CVSS7.6AI score0.01042EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/11 12:0 a.m.5 views

PT-2024-4153 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.3 FortiOS version 7.2 and earlier FortiOS version 7.0 and earlier FortiProxy versions prior to 7.4.2 FortiProxy version 7.2 and earlier FortiProxy version 7.0 and earlier Description: The issue is related to an...

8.3CVSS7.3AI score0.01042EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/06/11 12:0 a.m.86 views

Fortinet Fortigate Weak key derivation for backup file (FG-IR-23-423)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-423 advisory. - A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and...

4.4CVSS7.3AI score0.03469EPSS
Exploits1References2
CVE
CVE
added 2024/04/12 9:0 p.m.85 views

CVE-2024-29023

CVE-2024-29023 affects Xibo CMS: session tokens are exposed in the session-search API response, enabling potential session hijacking when users have access to the sessions page. Affected software is Xibo: upgrades are recommended to close the issue. Remediation per sources: Upgrade to Xibo 3.3.10...

7.2CVSS6.8AI score0.00802EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/04/12 12:0 a.m.22 views

Cisco Identity Services Engine Server-Side Request Forgery (cisco-sa-ise-ssrf-FtSTh5Oz)

According to its self-reported version, Cisco Identity Services Engine Server-Side Request Forgery is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side...

5.5CVSS5.8AI score0.00369EPSS
Exploits0References3
NVD
NVD
added 2024/04/09 3:15 p.m.21 views

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

6.7CVSS7AI score0.00771EPSS
Exploits0References1
CVE
CVE
added 2024/04/09 2:24 p.m.84 views

CVE-2023-48784

CVE-2023-48784: Fortinet FortiOS contains a use of externally-controlled format string vulnerability (CWE-134) in the CLI that may allow a local privileged attacker with super-admin/CLI access to execute arbitrary code via specially crafted requests. Affected: FortiOS 7.4.1 and below, 7.2.7 and b...

6.7CVSS7.9AI score0.00771EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/04/09 2:24 p.m.26 views

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

6.7CVSS7.2AI score0.00771EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/09 2:24 p.m.21 views

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

6.7CVSS8AI score0.00771EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.5 views

PT-2024-3562 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.4.1 and below FortiOS versions 7.2.7 and below FortiOS versions 7.0.14 and below FortiOS versions 6.4.15 and below Description: A use of externally-controlled format string vulnerability in FortiOS command line interface ma...

6.7CVSS7.8AI score0.00771EPSS
Exploits0References9
Veracode
Veracode
added 2024/04/08 4:22 a.m.44 views

Remote Code Execution

WordPress is vulnerable to Remote Code Execution RCE. The vulnerability is due to a defect in the Plugins - Add New - Upload plugin functionality where uploaded file other than a zip file remains temporary available in the Media Library despite being not allowed during FTP upload when that file i...

7.6CVSS7.2AI score0.00945EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/04/06 6:33 p.m.43 views

BIT-WORDPRESS-2024-31210 PHP file upload bypass via Plugin installer

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

8.8CVSS7.5AI score0.00945EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/04/04 11:15 p.m.63 views

CVE-2024-31210

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

8.8CVSS7.1AI score0.00945EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/04 10:59 p.m.59 views

CVE-2024-31210 PHP file upload bypass via Plugin installer

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

7.6CVSS7.8AI score0.00945EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/04 10:59 p.m.46 views

CVE-2024-31210 PHP file upload bypass via Plugin installer

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

7.6CVSS7.1AI score0.00945EPSS
Exploits0References1
NVD
NVD
added 2024/04/03 5:15 p.m.12 views

CVE-2024-20332

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...

5.5CVSS5.5AI score0.00369EPSS
Exploits0References1
CVE
CVE
added 2024/04/03 4:22 p.m.80 views

CVE-2024-20332

The CVE-2024-20332 issue affects Cisco Identity Services Engine (ISE) web-based management interface. It is a server-side request forgery (SSRF) caused by improper input validation in specific HTTP requests, enabling an authenticated attacker to cause the ISE to make arbitrary network requests so...

5.5CVSS6.9AI score0.00369EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder